OpenID4VP - Receive and Present Credential

The Wallet Unit (WU) allows both individuals and organisations to act as holders of verifiable credentials, similar to how a physical wallet holds documents or ID cards. As part of the iGrant.io Organisation Wallet Suite, the Wallet Unit supports the secure and privacy-preserving sharing of credentials, based on the OpenID for Verifiable Presentations (OpenID4VP) standard. This page explains how a Wallet Unit receives a request from a verifier, selects the relevant credentials from its storage, and sends a verifiable presentation in response. The process ensures that credentials are shared only with consent, and that trust, data minimisation, and interoperability are maintained throughout the interaction.

Below are the steps for a verification workflow where the holder receives the presentation definition, selects the matching credentials, and sends the presentation to a verifier using OpenID for Verifiable Presentation (OpenID4VP).

Step 1: Get the API Key

To get the API key, contact [email protected].

Step 2: Receive Verification

Copy the presentation definition received from a known verifier as per OpenID4VP. This could be obtained by out-of-band means such as email or by logging into the verifier's system. Use this endpoint to receive the verification.

Step 3: Filter Credentials

Use this endpoint to filter stored credentials against the received presentation definition.

Step 4: Send Presentation

Use this endpoint to send the selected credentials to the verifier.

Trust status of the verifier

Before presenting, the wallet checks whether the verifier can be matched against a recognised trust list. The verification response exposes this through the isVerifiedWithTrustList and trustServiceProvider fields. If the verifier cannot be matched, the Data Wallet shows an "Untrusted Service Provider" notice. See The "Untrusted Service Provider" notice and Trust in the Wallet Ecosystem.